The present invention relates generally to encryption techniques and in particular to a computer implemented software data encryptor/decryptor.
Computer cryptography, securing secret data, private data and authentication of information using software data encryption is an ongoing concern in the public and private sectors. Use of file based and device driver encryption is secure to the extent of the unknown key(s). Personal computers with a standard operating system such as DOS that uses device driver encryption/decryption are bound to I/O overhead, reside in random access memory and can expose a method of encryption. Device driver cryptosystems are useful for elimination of file specific encryption/decryption and are virtually transparent to the user.
Firmware cryptosystems like device driver cryptosystems are virtually transparent to the user. Physically implemented firmware cryptosystems require hardware embedded attachment that exposes a method of encryption, and can be bound to I/O overhead. Firmware cryptosystems generally require transported cipher data to a target machine to have the same hardware embedded attachment as a deciphering agent. This can be a cumbersome approach when wide area networks are involved and/or many PC""s are involved in the process.
Private key cryptosystems generally require the secret key(s) used for encryption as the key(s) used for decryption. Public key cryptosystems generally used over networks generate a public and private key from a mathematical computational process. The generated private key is kept secret and should only be known by the recipient. The sender uses the public key to encrypt the data file or message and the recipient decrypts the data with his or her private key. Under a public key cryptosystem only the recipient""s private key can decrypt the message data. Public key cryptosystems require at least two keys and a process to generate the keys
The present invention discloses a xe2x80x9cdata encryptor/decryptor using variable in-place I/Oxe2x80x9d and addresses on standard operating systems such as DOS and WINDOWS private key cryptosystem capability with varying degrees of data security for private use as well as public use over networks and other distribution channels. The present invention can also be used for data authentication and digital signatures.
Data authentication is used for proof of authentic, non-corrupted reproduction of data. Cryptographic processes can be used for authentication because of the level of mathematical proofs required for verification of an authentic binary dataset.
Use of the present invention method and apparatus as a process for authentication is achieved by applying an expected binary dataset authenticity certificate and/or digital signature to the data encrypted. Decryption of the dataset that includes the authenticity certificate and/or digital signature guarantees a perfect binary equivalent of the original data when the certificates and/or digital signatures match as binary equivalents or are validated as expected.
The present invention provides for a xe2x80x9cdata encryptor/decryptor using variable in-place I/Oxe2x80x9d, preferably in the form of computer software. The software can be installed on a hard drive, or be loaded on a floppy disk and run therefrom. Though not preferred, the process can also be burned into ROM. The present invention provides a method and apparatus which is implemented for private key cryptosystems and can be used in conjunction with public key cryptosystems. The invention processes dataset(s) and/or file(s) based on binary representation. The symbol xe2x80x9c{circumflex over ( )}xe2x80x9d will be used throughout the disclosure to represent the exponential symbol. Thus, xe2x80x9c2{circumflex over ( )}8xe2x80x9d will mean xe2x80x9ctwo to the eighthxe2x80x9d or xe2x80x9ctwo hundred and fifty sixxe2x80x9d.
Private key file based cryptosystems use an input source file and designate an encrypted output file. The present invention implementation can process the input source file xe2x80x9cin-placexe2x80x9d eliminating the creation of a new output file, which increases security. In addition the present invention can also process separate output file(s) for leaving the input source file(s) encrypted or in their original form.
The present invention implementation can be executed directly from a disk inserted in a floppy disk drive without installing to a hard disk drive. This avoids any trace of a ciphering agent, which is an obvious security benefit. To increase the level of security by orders of magnitude the present invention can process multiple times using multiple variable length keys the same input source data adding to the total number of possible combinations of encryption/decryption keys.
Furthering the complexities of the encryption/decryption process the present invention method and apparatus can include multiple matrix arrays with variable ordered element pairs. The present invention can be executed using the decryptor method as an encryption process. Conversely, the encryptor method can then be used as the decryption process. This effectively increases the data security by increasing the total number of possible combinations of encryption/decryption keys and cipher layers.
The invention provides an encryption/decryption method and apparatus using a computer with a central processing unit xe2x80x9cCPUxe2x80x9d accessing random access memory xe2x80x9cRAMxe2x80x9d controlling an input/output xe2x80x9cI/Oxe2x80x9d device. The I/O device could be in RAM, or a peripheral storage unit such as a floppy disk.
The method and apparatus include software programmed instructions, associated with the CPU of a computer, for carrying out the arithmetic, logical and manipulative functions that controls and directs the method and apparatus processing. The method and apparatus Access Code Key table byte is logically XOR""ed with a current data STRING byte pointed to. The initial keypointer (xe2x80x9cKPxe2x80x9d) value is calculated by dividing the input dataset size that is less than the I/O Control variable (xe2x80x9cIOCxe2x80x9d), by the length of the access code key (xe2x80x9cKEYLENGTHxe2x80x9d). If the dataset size is greater than IOC, IOC is used as a dividend and the KEYLENGTH is the divisor.
The remainder relative to zero is the initial KP value. KP is added to the relative offset of the Access Code Key table. The access code key byte pointed at with KP is logical XOR""ed with the current data STRING byte pointed to with a string pointer (xe2x80x9cSPxe2x80x9d). Then the user XOR code UWORD is logically XOR""ed with the current data STRING byte pointed to with SP. After swapping several symbols, the current data STRING byte pointed to by SP, is targeted for replacement with the current Matrix Array element pointed at by matrix array pointer (xe2x80x9cMAPxe2x80x9d).
Initial Counter Starting value (xe2x80x9cOxe2x80x9d) is calculated by dividing the size of the dataset by the Matrix Array size. The remainder relative to zero is used as the initial counter starting value O.
The replacement Matrix Array element is pointed at via MAP. The MAP is calculated by adding the current data STRING byte pointed to SP, to the relative offset of the Matrix Array. The initial counter starting value through the iteration of the processing loop is subtracted from the value replaced from the Matrix Array. Then the counter starting value is decremented.
The processing loop reverses the STRING to relative offset of reverse string (xe2x80x9cOREVSTRxe2x80x9d) and writes OREVSTR to output.
The method and apparatus controls the physical input size read by the I/O Control variable IOC. Preferably, the Matrix Array is in effect and IOC preferably is a minimum of the Matrix Array size, or an exact multiple thereof. When the Matrix Array is bypassed, IOC preferably is equal to the KEYLENGTH or an exact multiple of the KEYLENGTH.
The method and apparatus controls the physical output pointer (xe2x80x9cODPxe2x80x9d) via IOC derived from the above criterion using a record counter (xe2x80x9cPRCxe2x80x9d) as a multiplier to IOC. The product ODP becomes a relative pointer from the beginning of the output dataset. Through the iteration of the processing loop, the output pointer is relatively displaced by each new product.
The method and apparatus controls the STRING reversal by using pointers, one pointing at the low memory address of the STRING, and one pointing at the high memory address of the reverse string OREVSTR. Through the iteration of the processing loop the pointers are incremented and decremented respectively.
The opposite for Encryption/Decryption method and apparatus initializes the Counter Starting value and keypointer KP to zero. Opposite is in reference to the above encryption/decryption method and apparatus wherein the data being processed is either being ciphered or deciphered.
The complete process to data end, effectively has no upper limit. The encryption/decryption method and apparatus can be applied up to infinity with respect to either ciphering(encrypting) or deciphering(decrypting). Each process pass can have unique keys, or identical keys, or any combination. The encryption/decryption method and apparatus is scaleable for multiple Matrix Arrays, and/or multiple Access Code Keys, and/or multiple user XOR bit codes.
The method and apparatus utilizes a finite number of Matrix Array(s) structured with unequal element pairs, with a preferred 2{circumflex over ( )}7 set of pairs, and a numerical range of preferably 2{circumflex over ( )}8. The Matrix Array is constructed with element pointer pairs that are relative to zero with equivalent numerical values, with the pairs ordered randomly.
Thus, the summarizing the present invention provides a method and apparatus for data encryption/decryption. In the method and apparatus of the present invention, the initial KP keypointer value is calculated by dividing the input dataset size that is less than an I/O Control variable IOC, by the KEYLENGTH. If the dataset size is greater than IOC, IOC is used as a dividend and the KEYLENGTH is the divisor. The remainder relative to zero is the initial keypointer value of KP. KP is added to the relative offset of the Access Code Key table. The access code key byte pointed at is logical XOR""ed with the current data STRING byte pointed to. Then the user XOR bit code UWORD is logical XOR""ed with the current data STRING byte pointed to. After limited symbol swapping, the current data STRING byte pointed to is targeted for replacement with a Matrix Array element. The replacement Matrix Array element is selected by adding the current data STRING byte pointed to, to the relative offset of the Matrix Array. This creates a Matrix Array Pointer MAP. The initial counter starting value through the iteration of the processing loop is subtracted from the value replaced from the Matrix Array. Then the counter starting value is decremented. The processing loop reverses the STRING to OREVSTR and writes OREVSTR to output. The method and apparatus controls the physical input size read by the I/O Control variable IOC. When the Matrix Array is in effect, IOC preferably is a minimum of the Matrix Array size, or an exact multiple thereof. When the Matrix Array is bypassed, IOC preferably is equal to the KEYLENGTH or an exact multiple of the KEYLENGTH. The method and apparatus controls the physical output pointer ODP via IOC derived from the above criterion using a record counter PRC as a multiplier to IOC. The product ODP becomes a relative pointer from the beginning of the output dataset. at Through the iteration of the processing loop, the output pointer is relatively displaced by each new product. The method and apparatus controls the STRING reversal by using pointers, one pointing at the low memory address of the STRING, and one pointing at the high memory address of the reverse string OREVSTR. Through the iteration of the processing loop the as pointers are incremented and decremented respectively. The converse for Encryption/Decryption method and apparatus initializes the Counter Starting value and KP to zero. The converse is in reference to the above encryption/decryption method and apparatus wherein the data being processed is either being encrypted or decrypted. The method and apparatus utilizes a finite number of Matrix Array(s) structured with unequal element pairs, with a preferred 2{circumflex over ( )}7 set of pairs, and a numerical range of preferably 2{circumflex over ( )}8. The Matrix Array is constructed with element pointer pairs that are relative to zero with equivalent numerical values, with the pairs ordered randomly.